Headline
CVE-2022-31232: DSA-2022-156: Dell SmartFabric Storage Software Security Update for Multiple Component Vulnerabilities
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
Vaikutus
High
Tiedot
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-31232
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Proprietary Code CVE
Description
CVSS Base Score
CVSS Vector String
CVE-2022-31232
SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.
Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Keinoja ongelman kiertämiseen tai lieventämiseen
If RADIUS and TACACS authentication is not a requirement, then customers can execute the “rm /etc/ham/libnss_sac.enable” command to mitigate the vulnerability. If RADIUS and TACACS is a requirement, then customers must update.
Versiohistoria
Revision
Date
Description
1.0
2022-07-19
Initial Release
Asiaan liittyvät tiedot
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
19 heinäk. 2022